-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Tim Bilbro wrote: > You do a disservice to all IT shops by announcing these vulnerabilities > before contacting the vendor.
I think lame inaccurate "blogging" causes more harm than research and result dissemination. Seriously - those who think full disclosure is bad should think a little more. Would you be happy if all software were more like the Bush administration? Secrets are the results of corruption. If you write bad/insecure software and charge out the ass for it - you bet I'd want it to work and be as secure as advertised. Randal T. Rioux | Procyon Labs IT Security R&D and Consulting Virtual: www.procyonlabs.com Physical: DC / Baltimore PGP: gpg --keyserver pgp.mit.edu --recv-keys 0xD08D1941 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFET/IvRrGMQdCNGUERAxkfAJ0bE+e3qTHJ+0idC6y0lcMM/xE/OwCfXLOY 9noRONs+WeuuV2UL0BpaWAw= =zeBm -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/